<?php # Script 8.7 - password.php
// Page title ("Change Password"); presumably read by includes/header.html.
$page_title = '비밀번호 변경';
include 'includes/header.html';
?>
	<div id="wrap">
		<div class="navbar navbar-inverse">
			<div class="navbar-inner">
				<div class="container">
					<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
						<span class="icon-bar"></span>
						<span class="icon-bar"></span>
						<span class="icon-bar"></span>
					</a>
					<a class="brand" href="index.php">User Manager</a>
					<div class="nav-collapse collapse">
						<ul class="nav">
							<li class=""><a href="index.php">홈</a></li>
							<li class=""><a href="register02.php">사용자 등록</a></li>
							<li class=""><a href="view_users02.php">사용자 목록</a></li>
							<li class="active"><a href="password.php">비밀번호 변경</a></li>
							<li class=""><a href="#">link five</a></li>
						</ul>
					</div>
				</div>
			</div>
		</div>
		<div class="container">
			<div class="page-header">
    	<!-- Start of the page-specific content. -->
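<?php

// Handle the password-change form. Runs only when the hidden "submitted"
// field is present in the POST body. The account is identified by email and
// the change is authorised by the current password.
//
// NOTE(review): nothing here limits repeated attempts, so the form can be used
// to test email/password pairs without bound. Throttling needs state (session
// or a table) that this script does not have.
if (isset($_POST['submitted'])) {

	require_once('./mysqli_connect.php'); // Connect to the db (provides $dbc).

	$errors = array(); // Initialize an error array.

	// Check for an email address. Non-string input (e.g. email[]=x) is treated
	// as missing so trim() never receives an array.
	if (empty($_POST['email']) || !is_string($_POST['email'])) {
		$errors[] = 'You forgot to enter your email address.';
	} else {
		$e = trim($_POST['email']);
	}

	// The former "email must be unique" check was removed. It belongs to
	// registration: here it added an error for every address that exists in
	// `users`, so no account holder could ever reach the UPDATE. It also ran
	// with $e undefined when the email field was empty.

	// Check for the current password:
	if (empty($_POST['pass']) || !is_string($_POST['pass'])) {
		$errors[] = 'You forgot to enter your current password.';
	} else {
		$p = trim($_POST['pass']);
	}

	// Check for a new password and match it against the confirmation.
	// Strict comparison: with != two different numeric-looking strings
	// (e.g. "0e1" and "0e2") compare equal and the confirmation is bypassed.
	if (!empty($_POST['pass1']) && is_string($_POST['pass1'])) {
		if (!isset($_POST['pass2']) || $_POST['pass1'] !== $_POST['pass2']) {
			$errors[] = 'Your password did not match the confirmed password.';
		} else {
			$np = trim($_POST['pass1']);
		}
	} else {
		$errors[] = 'You forgot to enter your new password.';
	}

	if (empty($errors)) { // If everything's OK.

		// Check that they've entered the right email address/password
		// combination. Values are bound as parameters instead of being spliced
		// into the SQL text, so correctness no longer depends on escaping.
		//
		// NOTE(review): unsalted SHA1() is not a suitable password hash. Moving
		// to password_hash()/password_verify() has to be done together with the
		// registration and login scripts, so the stored format is kept here.
		$user_id = null;
		$matches = 0;
		$stmt = mysqli_prepare($dbc, 'select user_id from users where (email=? and pass=SHA1(?))');
		if ($stmt) {
			mysqli_stmt_bind_param($stmt, 'ss', $e, $p);
			mysqli_stmt_execute($stmt);
			mysqli_stmt_store_result($stmt); // Buffer rows so num_rows is valid.
			$matches = mysqli_stmt_num_rows($stmt);
			if ($matches === 1) {
				mysqli_stmt_bind_result($stmt, $user_id);
				mysqli_stmt_fetch($stmt);
			}
			mysqli_stmt_close($stmt);
		} else {
			// Server-side only; the visitor gets the generic mismatch message.
			error_log('password.php: credential lookup failed: ' . mysqli_error($dbc));
		}

		if ($matches === 1) { // Match was made.

			// Make the UPDATE query. user_id is bound as an integer; the
			// original interpolated it unquoted, which implies a numeric key.
			$changed = false;
			$db_error = '';
			$stmt = mysqli_prepare($dbc, 'update users set pass=SHA1(?) where user_id=?');
			if ($stmt) {
				mysqli_stmt_bind_param($stmt, 'si', $np, $user_id);
				mysqli_stmt_execute($stmt);
				$changed = (mysqli_stmt_affected_rows($stmt) === 1);
				$db_error = mysqli_stmt_error($stmt);
				mysqli_stmt_close($stmt);
			} else {
				$db_error = mysqli_error($dbc);
			}

			if ($changed) { // If it ran OK.

				// Print a message.
				echo '<h1>Thank you!</h1>
				<p>Your password has been updated. In Chapter11 you will actually be able to log in!</p><p><br/></p>';

			} else { // If it did not run OK.

				// Public message:
				echo '<h1>System Error</h1>
				<p class="error">Your password could not be changed due to a system error. We apologize for any inconvenience.</p>';

				// Diagnostics go to the server log, not the page: the old debug
				// output printed the database error and the full query text,
				// which contained the new password in clear. $db_error is empty
				// when the new password equals the old one (0 rows changed).
				error_log('password.php: password update failed: ' . $db_error);

			}

			// Include the footer and quit the script (to not show the form).
			include ('includes/footer.html');
			exit();

		} else { // Invalid email address / password combination.

			echo '<h1>Error!</h1>
			<p class="text-error">The email address and password do not match those on file.</p>';

		}


	} else { // Report the errors.

		// Every entry in $errors is a fixed string set above, never user input.
		echo '<h1>Error!</h1>
		<p class="text-error">The following error(s) occurred:<br/>';
		foreach ($errors as $msg) { // Print each error.
			echo "- $msg<br/>\n";
		}
		echo '</p><p>Please try again.</p><p><br/></p>';

	}  // End of if (empty($errors)) IF.

	mysqli_close($dbc); // Close the database connection.

} // End of the main Submit conditional.
?>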
<h1>비밀번호 변경</h1>
<form action="password.php" method="post" class="form-horizontal">
	<fieldset>
		<div class="control-group">
			<label class="control-label">Email Address:</label>
			<div class="controls">
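				<input type="text" class="input-xlarge" name="email" size="20" maxlength="80" value="<?php
					// Sticky field. The value comes straight from the request and is
					// written inside a double-quoted attribute, so it is HTML-escaped;
					// unescaped, a quote in the input would break out of the attribute.
					if (isset($_POST['email']) && is_string($_POST['email'])) {
						echo htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8');
					}
				?>">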
			</div>
		</div>
		<div class="control-group">
			<label class="control-label">Current Password:</label>
			<div class="controls">
				<input type="password" class="input-xlarge" name="pass" size="10" maxlength="20">
			</div>
		</div>
		<div class="control-group">
			<label class="control-label">New Password:</label>
			<div class="controls">
				<input type="password" class="input-xlarge" name="pass1" size="10" maxlength="20">
			</div>
		</div>
		<div class="control-group">
			<label class="control-label">Confirm New Password:</label>
			<div class="controls">
				<input type="password" class="input-xlarge" name="pass2" size="10" maxlength="20">
			</div>
		</div>
		<div class="form-actions">
            <button type="submit" class="btn btn-primary btn-large">Change Password</button>
            <input type="hidden" name="submitted" value="TRUE">
        </div>
	</fieldset>
</form>
<?php
// Emit the shared footer markup that closes the page.
include 'includes/footer.html';
?>